The Digital Collegian - Published independently by students at Penn State
SCIHEALTH
[ Tuesday, Nov. 19, 2002 ]

Password choice vital to Penn State Internet security

By Erin Plute
For The Collegian

They are the keys to unlocking the vast amounts of private information that are available through the Penn State Web site.

Yet, unlike keys, most students never think about what would happen to them if these were stolen, or consider the effects such a loss would have on the Penn State community as a whole.

They are access account passwords.

One of the biggest threats to technological security at Penn State lies in something much more mundane than hacker groups or terrorists. It is poor user password choice and protection.

"The most troublesome security breaches are caused by users who don't use prudence creating and modifying account passwords," said John Domico, who is in charge of the computer science department's systems support staff.

Some people tend to pick easily guessed passwords, jeopardizing the network as a whole.

To choose a good password, Karen Hackett, Web coordinator in the Center for Academic Computing (CAC), suggested that students follow CAC's password policy, available online at www.psu.edu/policies/password.html.

This policy requires passwords to be six or more characters long and to contain at least one number and one letter. In addition, passwords cannot contain obvious or easily obtainable information about the user, such as the user's initials, user ID, given name, Social Security number or telephone number.

The policy also prohibits students from sharing their passwords with any other person. Hackett said students are often lax in protecting their passwords. In particular, they sometimes share their passwords with family members.

Allowing others, even close relatives, to access this information is dangerous.

"It allows others to assume your identity," Hackett said.

Many students at Penn State said they weren't concerned with their password choices.

Derrick Wallet (sophomore-engineering) said he hadn't changed his access account password since he began attending the university last year.

Erin Sempf (sophomore-kinesiology) said she has also not changed her password since her first day as a freshman. Neither student said they were concerned about the level of technological security at Penn State.

Although there are several distinct computer networks at Penn State, all involve the same levels of security. This is because of the strict guidelines set forth by Penn State's policy AD-20, which outlines in detail the responsibilities of those involved in the university's networks.

According to the policy, users are responsible for "safeguarding passwords and/or other sensitive access control information related to their own accounts or network access" and "taking reasonable precautions, including personal password maintenance ... to prevent unauthorized use of their accounts, programs or data by others."

According to university policy, it is the user's responsibility to choose a difficult-to-guess password and ensure that it remains private.

Such conscientiousness is necessary to ensure the security of the network as a whole.

Though it is up to the individual to choose and maintain a secure password, there are certain things that the university does to try to maintain safe security levels.

The computer science department, for example, occasionally runs a password-cracking program, which attempts to guess the passwords of the network's users.

This technology -- used by some hackers -- helps the department to recognize those whose passwords are too easily guessed. These people are contacted and asked to choose more secure passwords.

 

TOP  HOME
News  Sports  Opinions  Arts  Venues  Special  Classifieds 
Blogs  About  Contact Us  Back Issues  Advertising 

Copyright © 2009 Collegian Inc.